Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 7641-7660 of 10866 records

Threat Entry Updated 2025-03-11

CVE-2024-1771 - Total Plugin

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.

PLUGIN Total

CVE-2024-1771

MEDIUM CVSS 5.3 2024-03-06

Threat Entry Updated 2025-02-04

CVE-2024-1760 - Simply Schedule Appointments Plugin

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Simply Schedule Appointments

CVE-2024-1760

MEDIUM CVSS 4.3 2024-03-06

Threat Entry Updated 2025-01-08

CVE-2024-1782 - Blue Triad Ezanalytics Plugin

The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN Blue Triad Ezanalytics

CVE-2024-1782

MEDIUM CVSS 6.1 2024-03-05

Threat Entry Updated 2024-12-23

CVE-2024-1769 - Jm Twitter Cards Plugin

The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.

PLUGIN Jm Twitter Cards

CVE-2024-1769

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-04-01

CVE-2024-1381 - Page Builder Sandwich Plugin

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.

PLUGIN Page Builder Sandwich

CVE-2024-1381

MEDIUM CVSS 6.5 2024-03-05

Threat Entry Updated 2025-01-08

CVE-2024-1285 - Page Builder Sandwich Plugin

The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.

PLUGIN Page Builder Sandwich

CVE-2024-1285

MEDIUM CVSS 6.5 2024-03-05

Threat Entry Updated 2025-01-08

CVE-2024-1478 - Maintenance Mode Plugin

The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.

PLUGIN Maintenance Mode

CVE-2024-1478

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-01-08

CVE-2024-1178 - Sportspress Plugin

The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs

PLUGIN Sportspress

CVE-2024-1178

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-01-08

CVE-2024-1095 - Build Control Block Pattern Plugin

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.

PLUGIN Build Control Block Pattern

CVE-2024-1095

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-03-24

CVE-2024-0698 - Easy Appointments Plugin

The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Easy Appointments

CVE-2024-0698

MEDIUM CVSS 6.4 2024-03-05

Threat Entry Updated 2024-12-23

CVE-2024-1093 - Change Memory Limit Plugin

The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.

PLUGIN Change Memory Limit

CVE-2024-1093

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-03-11

CVE-2024-1088 - Password Protected Store For Woocommerce Plugin

The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.

PLUGIN Password Protected Store For Woocommerce

CVE-2024-1088

MEDIUM CVSS 5.3 2024-03-05

Threat Entry Updated 2025-06-27

CVE-2024-1316 - Event Tickets And Registration Plugin

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events).

PLUGIN Event Tickets And Registration

CVE-2024-1316

MEDIUM CVSS 6.5 2024-03-04

Threat Entry Updated 2025-04-24

CVE-2024-1319 - Events Tickets Plus Plugin

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).

PLUGIN Events Tickets Plus

CVE-2024-1319

MEDIUM CVSS 4.3 2024-03-04

Threat Entry Updated 2025-01-08

CVE-2024-1398 - Ultimate Bootstrap Elements For Elementor Plugin

The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ‘heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ultimate Bootstrap Elements For Elementor

CVE-2024-1398

MEDIUM CVSS 6.4 2024-03-02

Threat Entry Updated 2025-01-07

CVE-2024-1449 - Master Slider Plugin

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Master Slider

CVE-2024-1449

MEDIUM CVSS 6.4 2024-03-02

Threat Entry Updated 2025-01-07

CVE-2024-0611 - Master Slider Plugin

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Master Slider

CVE-2024-0611

MEDIUM CVSS 4.4 2024-03-02

Threat Entry Updated 2025-01-07

CVE-2023-6326 - Master Slider Plugin

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Master Slider

CVE-2023-6326

MEDIUM CVSS 5.4 2024-03-02

Threat Entry Updated 2025-01-16

CVE-2024-0378 - Ai Engine Plugin

The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Ai Engine

CVE-2024-0378

MEDIUM CVSS 6.5 2024-03-02

Threat Entry Updated 2025-01-16

CVE-2024-1775 - Nextend Social Login Plugin

The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an…

PLUGIN Nextend Social Login

CVE-2024-1775

MEDIUM CVSS 5.4 2024-03-02